asfergjiiwopwasrga.exe

The application asfergjiiwopwasrga.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from www.weebly.com.
MD5:
3e6b32d043bd6060d6ab89e8e3e5ab8a

SHA-1:
4ad4e6ac017b817313cf2e7908b23868585cadc4

SHA-256:
62cb12aa08cf021db98512afdf45e949dc3e93436723ad8cd73d95602bef7130

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
4/25/2024 9:46:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Generic.950986 | 597 |
| avast! | Win32:Miner-B [PUP] | 2014.9-150618 |
| AVG | BitCoinMiner.D | 2016.0.3075 |
| Baidu Antivirus | Hacktool.Win64.BitCoinMiner | 4.0.3.15618 |
| Bitdefender | Backdoor.Generic.950986 | 1.0.20.845 |
| Dr.Web | Trojan.Inject1.54472 | 9.0.1.0169 |
| Emsisoft Anti-Malware | Backdoor.Generic.950986 | 8.15.06.18.08 |
| ESET NOD32 | Win64/BitCoinMiner.U potentially unsafe (variant) | 9.11568 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 6/18/2015 |
| F-Secure | Backdoor.Generic.950986 | 11.2015-18-06_5 |
| G Data | Backdoor.Generic.950986 | 15.6.25 |
| K7 AntiVirus | Trojan | 13.203.15786 |
| Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.1868 |
| McAfee | Artemis!3E6B32D043BD | 5600.6731 |
| MicroWorld eScan | Backdoor.Generic.950986 | 16.0.0.507 |
| NANO AntiVirus | Riskware.Win64.BitCoinMiner.dohudj | 0.30.24.1357 |
| nProtect | Backdoor.Generic.950986 | 15.04.30.01 |
| Panda Antivirus | Generic Suspicious | 15.06.18.08 |
| Qihoo 360 Security | Win32/Virus.RiskTool.98a | 1.0.0.1015 |
| Quick Heal | RiskTool.Win64.r9 (Not a Virus) | 6.15.14.00 |
| Sophos | Generic PUA EK | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02SH07BL15 | 7.2.169 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39902 |

File size:
1.1 MB (1,186,816 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\asfergjiiwopwasrga.exe

File PE Metadata
Compilation timestamp:
2/21/2015 1:45:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:ptb20pkaCqT5TBWgNQ7a773TcM2FM/1eO26A:6Vg5tQ7a77DcM26tW5

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...

Entropy:
7.1201

Code size:
557.5 KB (570,880 bytes)

The file asfergjiiwopwasrga.exe has been seen being distributed by the following URL.
